Difference between revisions of "Installation on Debian 9"

From OpenVZ Virtuozzo Containers Wiki
Jump to: navigation, search
m (Small fixes)
(Download OS templates: ctcreate to ctctl)
 
(5 intermediate revisions by the same user not shown)
Line 25: Line 25:
 
  Script=/etc/initramfs-tools/scripts/local-premount/tune
 
  Script=/etc/initramfs-tools/scripts/local-premount/tune
 
  echo '#!/bin/sh' | sudo tee $Script
 
  echo '#!/bin/sh' | sudo tee $Script
  echo 'if [ "$readonly" != "y" ] ; then exit 0 ; fi' | sudo tee -a $Script
+
  echo 'if [ "$1" = "prereqs" ] ; then exit 0 ; fi' | sudo tee -a $Script
 
  echo e2fsck -f $Volume | sudo tee -a $Script
 
  echo e2fsck -f $Volume | sudo tee -a $Script
 
  echo tune2fs -O -metadata_csum $Volume | sudo tee -a $Script
 
  echo tune2fs -O -metadata_csum $Volume | sudo tee -a $Script
Line 39: Line 39:
 
  sudo rm /etc/initramfs-tools/scripts/local-premount/tune
 
  sudo rm /etc/initramfs-tools/scripts/local-premount/tune
 
  sudo apt --reinstall install initramfs-tools-core
 
  sudo apt --reinstall install initramfs-tools-core
 +
sudo update-initramfs -u -k all
 
This recipe is useful for any volume that can't be neither unmounted nor remounted readonly.
 
This recipe is useful for any volume that can't be neither unmounted nor remounted readonly.
  
Line 73: Line 74:
 
  sudo reboot
 
  sudo reboot
 
  sudo apt --auto-remove remove systemd
 
  sudo apt --auto-remove remove systemd
  echo -e 'Package: *systemd*\nPin: release *\nPin-Priority: -1\n' | sudo tee /etc/apt/preferences.d/systemd
+
  echo -e 'Package: *systemd*\nPin: release *\nPin-Priority: -1\n' | sudo tee /etc/apt/preferences.d/avoid-systemd
  
 
* More recipes at [http://without-systemd.org/wiki/index.php/Debian_Stretch without-systemd.org]
 
* More recipes at [http://without-systemd.org/wiki/index.php/Debian_Stretch without-systemd.org]
Line 141: Line 142:
 
  sudo vztmpl-dl --gpg-check debian-8.0-x86_64-minimal
 
  sudo vztmpl-dl --gpg-check debian-8.0-x86_64-minimal
  
Alternatively, you can also download precreated template caches from [[Download/template/precreated|Download » Template » Precreated]], or from one of the [https://mirrors.openvz.org/ mirrors]. Put those tarballs '''as-is (no unpacking needed)''' to the <tt>/vz/template/cache/</tt> directory.
+
Alternatives:
 +
* Download precreated template caches from [[Download/template/precreated|Download » Template » Precreated]] or from one of the [https://mirrors.openvz.org/ mirrors]. Put those tarballs '''as-is (no unpacking needed)''' to the <tt>/vz/template/cache/</tt> directory.
 +
* '''[https://downloads.actiu.net/ctctl/ ctctl]''' helper to create Debian (or derivative) container without template (caches it as a local template). This tool manages unprivileged LXC containers too.
  
 
= Next steps =
 
= Next steps =

Latest revision as of 09:25, 28 January 2020

This is a guide to install OpenVZ 6 (legacy) on your Debian 9 "Stretch" (amd64 or i386) machine.

Yellowpin.svg Note: The best and latest Debian version for OpenVZ 6 is Devuan 1.0, but Debian 9 makes really easy the coexistence of OVZ and unprivileged LXC containers.
Current commercial version of OpenVZ (Virtuozzo 7) is not installable on Devuan or Debian because is developed as an independent GNU/Linux distribution

Volumes and file systems[edit]

It is recommended to use a separate partition for containers (by default /var/lib/vz) and format it to compatible ext4.

Ext4[edit]

Debian 9 installer (and tools by default) formats Ext4 with new features, and concrete "metadata_csum" is incompatible with OpenVZ6 kernel. Then it's necessary to boot without requiring the mount of volumes with "metadata_csum". Ordered alternatives:

  1. After a fresh Debian 9 install, remove metadata_csum feature from filesystems.
  2. Upgrade from Debian 8 to Debian 9 (metadata_csum not inherited)
  3. Root volume (/ and others) as Ext3 and deploy /var/lib/vz in a later created Ext4 volume, without metadata_csum.
  4. Use Ext3

How to remove metadata_csum from a mounted partition[edit]

If your host altready mounts r/w volumes on boot and you can't tune2fs+e2fsck because volumes are in use, this is the solution (example for /dev/sda1):

  • First check if the partition is affected.
Volume=/dev/sda1
sudo dumpe2fs -h $Volume 2>/dev/null | grep -e metadata_csum
  • If last command didn't return a line with metadata_csum, nothing to do. Otherwise, continue:
echo copy_exec /sbin/e2fsck | sudo tee -a /usr/share/initramfs-tools/hooks/fsck
echo copy_exec /sbin/tune2fs | sudo tee -a /usr/share/initramfs-tools/hooks/fsck
Script=/etc/initramfs-tools/scripts/local-premount/tune
echo '#!/bin/sh' | sudo tee $Script
echo 'if [ "$1" = "prereqs" ] ; then exit 0 ; fi' | sudo tee -a $Script
echo e2fsck -f $Volume | sudo tee -a $Script
echo tune2fs -O -metadata_csum $Volume | sudo tee -a $Script
echo e2fsck -f $Volume | sudo tee -a $Script
sudo chmod a+x $Script
sudo update-initramfs -u -k all
  • Reboot and check that metadata_csum disappeared:
sudo reboot
(...)
Volume=/dev/sda1
sudo dumpe2fs -h $Volume 2>/dev/null | grep -e metadata_csum
  • Restore initrd behaviour
sudo rm /etc/initramfs-tools/scripts/local-premount/tune
sudo apt --reinstall install initramfs-tools-core
sudo update-initramfs -u -k all

This recipe is useful for any volume that can't be neither unmounted nor remounted readonly.

How to remove metadata_csum from a not mounted partition[edit]

This procedure can be applied when partition can be mounted readonly

  • Example for /dev/sda9
sudo e2fsck -f /dev/sda9
sudo tune2fs -O -metadata_csum /dev/sda9
sudo e2fsck -f /dev/sda9

How to format a volume to be a compatible Ext4[edit]

  • Example for /dev/sda9
sudo mkfs -t ext4 -O -metadata_csum /dev/sda9

btrfs[edit]

You might want btrfs to use per-directory (subvolume) quotas for other simfs/dir containers, such as LXC. Only vzquota doesn't work on a btrfs volume; for OVZ containers it's better to mount /var/lib/vz to an Ext4 volume.

Debian 9 installer (and tools by default) formats btrfs with modern features as: mixed-bg, extref, skinny-metadata, no-holes. All of these are incompatible with OpenVZ6 kernel. Then it's necessary to boot without requiring the mount of volumes with these attributes. Ordered alternatives:

  1. Pre-format compatible btrfs for a fresh Debian 9 install on root volume (/ and others) and deploy /var/lib/vz in a later created Ext4 volume. Debian 9 installer must not format btrfs but "keep existing data" as allowed in manual partitioning stage.
  2. Use compatible Ext4 volumes and deploy later the secondary btrfs partitions.

How to format a volume to be a compatible btrfs[edit]

  • Example for /dev/sda1
sudo mkfs -t btrfs -O ^mixed-bg,^extref,^skinny-metadata,^no-holes /dev/sda1

You must not format btrfs with Debian installer because features cannot be disabled after.

Change Systemd to SystemV[edit]

Yellowpin.svg Note: Warning! This operation can make some desktop software to stop working.
sudo apt install sysvinit-core sysvinit-utils
# Must boot with SystemV to release Systemd
sudo reboot
sudo apt --auto-remove remove systemd
echo -e 'Package: *systemd*\nPin: release *\nPin-Priority: -1\n' | sudo tee /etc/apt/preferences.d/avoid-systemd

Register OVZ updated repository[edit]

RepoFile=/etc/apt/sources.list.d/openvz.list
RepoUrl=http://download.openvz.org/debian
echo "deb $RepoUrl jessie main" | sudo tee "$RepoFile"
echo "deb $RepoUrl wheezy main" | sudo tee -a "$RepoFile"
wget -qO - http://ftp.openvz.org/debian/archive.key | sudo apt-key add -
sudo apt-get --allow-unauthenticated update

As of July 2017, release key at openvz.org site is invalid, and last command will complain:

W: GPG error: http://download.openvz.org/debian jessie Release: The following signatures were invalid: DA2458173935F9DE9B76BA7547B5DBAB0FCA9BAC
W: The repository 'http://download.openvz.org/debian jessie Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.
W: GPG error: http://download.openvz.org/debian wheezy Release: The following signatures were invalid: DA2458173935F9DE9B76BA7547B5DBAB0FCA9BAC
W: The repository 'http://download.openvz.org/debian wheezy Release' is not signed.
N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user configuration details.

You can continue.

Yellowpin.svg Note: For more info about Debian repositories, see http://download.openvz.org/debian.

Install packages[edit]

KPackage="linux-image-openvz-$(dpkg --print-architecture)"
sudo apt --allow-unauthenticated --install-recommends install $KPackage vzdump ploop initramfs-tools dirmngr
if [ ! -d /vz ] ; then sudo ln -s /var/lib/vz/ /vz ; fi
  • Create file /etc/vz/vznet.conf with the following line:
EXTERNAL_SCRIPT="/usr/sbin/vznetaddbr"
  • Optionally you can set containers completely stop when service stops at /etc/vz/vz.conf
VE_STOP_MODE=stop

Reboot into OpenVZ kernel[edit]

Yellowpin.svg Note: At boot manager, in "Advanced options for Debian GNU/Linux", you will find kernels named "2.6.32-openvz". Select the first listed.
sudo reboot

Check the OpenVZ processes are running:

sudo ps ax | grep -v 'grep' | grep 'vzmond'

Set OpenVZ as default to boot[edit]

Because of GRUB2 default criteria, default kernel to boot can still be the one from Debian's repository (non OVZ). Probably you don't want this behaviour; once you've booted fine into OpenVZ kernel, you can remove other unuseful kernels:

Packages="$(apt list --installed 'linux-image-*' 2>/dev/null | grep -e '^linux-image-' | grep -ve 'openvz' | cut -f 1 -d '/')"
sudo apt --autoremove remove $Packages

Download OS templates[edit]

This step is optional, vzctl is able to download templates on demand.

An OS template is a GNU distribution for Linux, installed into a container and then packed into a gzipped tarball. Using such a cache, a new container can be created in a minute.

# Register official container templates:
OpenvzKey="$(echo $(sudo gpg --batch --search-keys security@openvz.org 2>&1 | grep -ie ' key.*created' | sed -e 's|key|@|g' | cut -f 2 -d '@') | cut -f 1 -d ' ' | cut -f 1 -d ',')"
sudo gpg --recv-keys $OpenvzKey
sudo vztmpl-dl --gpg-check --list-remote
# Example:
sudo vztmpl-dl --gpg-check debian-8.0-x86_64-minimal

Alternatives:

  • Download precreated template caches from Download » Template » Precreated or from one of the mirrors. Put those tarballs as-is (no unpacking needed) to the /vz/template/cache/ directory.
  • ctctl helper to create Debian (or derivative) container without template (caches it as a local template). This tool manages unprivileged LXC containers too.

Next steps[edit]

OpenVZ is now set up on your machine. Follow on to basic operations in OpenVZ environment document.

See also[edit]